Cyber security is becoming a challenge for businesses in India as the frequency of complex attacks grows at a rapid pace. “Digitalisation or digital transformation, as we all know it, has its own challenges—the biggest being cyber security,” says Sivarama Krishnan, partner and leader, cyber security, PwC India. In an interaction with Sudhir Chowdhary, Krishnan shares his insights on how CIOs can work closely with taxation/finance colleagues and adopt effective approaches towards cyber security. Excerpts:
What is the difference between a threat, a vulnerability and a risk in terms of cybersecurity?
There is a threat when something (an asset) needs to be protected. In this case, protection of digital assets is of utmost importance to any organisation. Any vulnerability, which also means a gap or weakness in the system, can act as an open invitation to cyber criminals. A threat is anything that can help cyber criminals obtain, damage or destroy digital assets. Combined together (asset, threat and vulnerability), they amount to a risk which, if not managed properly, can result in the loss of digital assets, which can be critical for the reputation and existence of an organisation.
How have recent technology trends affected security in India?
Cyber security in India has gained considerable momentum in the past few years. However, two key events—demonetisation and the rollout of GST—in the economy have led to a significant change, i.e., to inspire or force people, businesses, banks and government departments, among others, to rapidly go digital. Digitalisation or digital transformation, as we all know it, has its own challenges – the biggest being cyber security. It is critical that economic participants such as government, businesses and societies pay attention to the chinks in the armour of cyberspace, and develop adequate measures to identify, protect, detect, respond and recover processes and capabilities in the face of threats.
What are the cyber security implications that various stakeholders should keep in mind as GST is implemented?
After the rollout of GST in July, most organisations have incorporated a GST suite/application into their core ERP system, resulting in the aggregation of their customers’ and suppliers’ information/data in one place. Earlier, organisations did not aggregate their customers’ and suppliers’ information/data in one place. The information was distributed across systems, such as ERP, CRM, etc., and was fetched/pulled as and when needed. So the aggregation of data on a single system brings in potential risks for CIOs. If they haven’t yet realised them, they need to immediately put in place strong encryption for protection of data, and close loopholes at the earliest to keep cyber crooks at bay. Besides, CIOs need to work closely with their finance and taxation colleagues to deploy a very strong access control and data monitoring mechanism. Having said that, cybercrime mechanisms are evolving faster than the defence ones. Assuming that the strong cyber security measures which CIOs may have taken are sufficient will be an oversight of the risks coming their way. Regardless of the robust cyber security systems and frameworks, CIOs need to be on vigil all the while and be ready for any breach that may happen. They need to consistently assess their risk readiness.
How can the government or its authorised authority set up a technology solution that can assist it in monitoring the ecosystem for compliance? What are the attributes of such a solution that allow the regulations to keep pace with a changing technology ecosystem?
The Goods and Services Tax Network (GSTN) is the IT backbone of GST which began to operate after securing necessary regulatory approvals and industry standards. GSTN has the biggest responsibility to build/ensure trust among taxpayers and businesses, and so has to be one step ahead in keeping its security muscle flexed.